AMENDED BRIEF ON APPEAL



Commissioner for Patents 
P.O.Box 1450 

Alexandria, VA 22313-1450 
Sir: 

This is an Appeal from the Final Rejection of Claims 1-45
of this Application dated February 10, 2005. VIII, Appendix
containing a copy of each of the Claims is attached.



I. Real Party in Interest 
The real party in interest is International Business 
Machines Corporation, the assignee of the present 
Application.

II. Related Appeals and Interferences

None 

III. Status of Claims 

A. TOTAL NUMBER OF CLAIMS IN APPLICATION 

There are 45 claims in this Application.

B. STATUS OF ALL THE CLAIMS 

1. Claims cancelled: None. 

2. Claims withdrawn from consideration but not 
cancelled: None. 

3. Claims pending: 1-45. 

4. Claims allowed: None. 

5. Claims rejected: 1-45. 

C. CLAIMS ON APPEAL 

Claims on appeal: 1-45. 

IV. Status of Amendments
No amendments have been filed after Final Rejection.

V. Summary of Claimed Subject Matter
The elements in the combinations of independent claims 
1, 16, and 31 may be understood from representative claim 1 
with annotations referring to illustrations of the subject 
matter in the drawings and specification: 

- 1. In a data processing operation having stored data in a 
plurality of data files, a system for protecting said data 
files from unauthorized users comprising: 

means for receiving user requests for access to data 
files (referring to Fig. 1 of drawings, the present 
Specification, page 7 lines 30-33 describes requests from IP 
locations 63 and 65 made to Web station 57 which controls a
database including directory 55 containing groups of files
58, 59... 68, 69, p. 7, lines 18-21); 

means for determining whether said requests are 
unauthorized intrusions into said requested data files 
(referring to Fig. 1, page 8, lines 6-9 describe file 
requests being authenticated within firewall section 52 of 
server 53 using Kerberos protocols); and

means, responsive to a determination that a request is 
an unauthorized intrusion, for changing the identification 
of the requested data files (page 9, lines 2-9, still 
referring to Fig. 1, describes a determination that 
authentication of requests for files 58 and 59 has been 
unsuccessful. This failure triggers an alert which in turn 
causes file 59, for example, to be renamed file 72) -. 

Independent claims 8, 23, and 38 cover the above 
described invention in a network environment. (Fig. 1 as 
described by the above mentioned sections in the 
Specification describing the implementation being carried on 
the World Wide Web network).



AUS920000941US1 




PATENT 
09/801,612 

VI. Grounds of Rejection to be Reviewed on Appeal
Claims 1-45 are rejected under 35 USC 103(a) as
unpatentable over Schneck et al. (US5,933,498) in view of
the Margolus et al. Publication (US2002/0038296).

VII. Argument

Claims 1-45 are unobvious over the combination of Schneck et
al. (US5,933,498) in view of the Margolus Publication
(US2002/0038296), and, therefore, are patentable under 35

The basic Schneck reference fails to even suggest the
key to the present invention: changing the identification of
requested data files responsive to determination that a
request is an unauthorized intrusion.

Applicants concur with Examiner that Schneck discloses
determining whether received requests for data files, in a
network environment, are unauthorized. Applicants also
concur with Examiner's conclusion that: Schneck does not
teach means, responsive to unauthorized intrusion, for
changing identification of requested data files (page 3,
paragraph 4 of the Final Rejection herein).

However, Applicants disagree with Examiner's position 
that there is a suggestion in Schneck that its teaching 
could be modifiable to disclose the present invention. The 
Examiner points to columns 7 and 8 in Schneck as suggesting 
such a modification. This portion of Schneck and subsequent 
portions set forth elaborate sets of rules for first 
determining the type of intrusion, and then providing an 
expedient for responding to the intrusion. While Schneck's
responses include destruction or encryption of invaded 
files, there is no suggestion whatsoever of changing the 
identification of the intruded files. 

This omission becomes even more significant when one 
considers that in the whole comprehensive description in
Schneck et al. (34 columns and 26 sheets of drawings) 
covering rules for protecting data, there is no hint 
whatsoever of changing the identification of the data file 
subjected to the unauthorized request. 

The Margolus Publication fails to make up for the failure of
Schneck to teach changing identification of the intruded
upon data files.

Since Schneck does not even suggest how it would be
modifiable to disclose the present invention of renaming
intruded upon files, the proposed modification must be 
clearly disclosed by Margolus in order to reasonably provide 
any basis for combining the references. Margolus fails to 
do this. 

For this teaching in Margolus, Examiner cites 10 
continuous columns, (paragraphs 0011-0032) as well as 
paragraphs 55 and 62 and claims 1-153. Applicants have 
reviewed these sections and claims, and still fail to find 
any suggestion of changing the identification or name of any 
file responsive to an unauthorized intrusion. The 
descriptive material above cited in Margolus does describe 
changing names when new versions of objects are created but 
this does not seem to have anything to do with unauthorized 
intrusions.

The Examiner more specifically points to paragraph 0011
and claims 18-26 teaching the need for access authorization 
to a named object, the contents of which determine the 
location of the data in the storage device. The Examiner 
makes the assumption that the contents may be changed to 
point to the location of another file, e.g. a backup file. 
Applicants fail to understand how this is a teaching of 
responding to an unauthorized intrusion request by changing 
the identity of the requested file. If the Examiner has a
logical rationale for her conclusion, Applicants would 
appreciate the Examiner specifying her position in her 
Answer so that Applicants may respond in their Reply Brief. 

The Examiner argues (Section 5. of Final Rejection) 
that it would have been obvious to incorporate the 
backup/replacement means of Margolus in the Schneck system. 
Applicants still fail to see how such a combination even if 
made would disclose responding to an unauthorized intrusion 
request by changing the identity of the requested file. 



The Examiner's proposed combinations of elements from the 
Schneck and Margolus references in the rejection is being 
offered without requisite foresight but only in light of 
Applicants' own teaching. 

In combining the Schneck and Margolus references, the 
Examiner has picked and chosen elements from each reference 
not in the light of teachings from the references but in the 
light of Applicants' own teaching. Thus it is submitted 
that Examiner's proposed combination of references is being 
made not with the requisite foresight of one skilled in the 
art, but rather with the hindsight obtained solely by the 
teaching of the present invention. This approach cannot be 
used to render Applicants' invention unpatentable. 

"To imbue one of ordinary skill in the art 
with knowledge of the invention in suit, when no 
prior art references of record convey nor suggest 
that knowledge, is to fall victim to the insidious 
effect of a hindsight syndrome wherein that which 
only the inventor taught is used against its 
teacher." W. L. Gore. 721 F 2d at 1553. 220 USPQ, 
pp. 312-313. 



"One cannot use hindsight reconstruction to 
pick and choose among isolated disclosures in the 
prior art to deprecate the claimed invention." In 
re Fine, 5 USPQ 2d 1596 (C.A.F.C.) 1988.

However, it is further submitted that even if the 
elements from the two references are selected and combined 
as suggested by Examiner, the combination would still fail 
to teach responding to an unauthorized intrusion request by 
changing the identity of the requested file. The Examiner 
admits that the basic Schneck fails to teach this element. 
The modifying Margolus reference also fails to teach 
responding to unauthorized intrusion by changing identity of 
requested file. Margolus changes identity when new versions
of objects are created but not upon unauthorized intrusion. 

Claims 2-4, 9-11, 17-19, 24-26, 32-34, and 39-41 are more
specifically patentable over the combination of Schneck and
Margolus.

These dependent claims are submitted to be patentable over 
the combination of references for the reasons set forth 
above for the patentability of the independent claims from 
which the present claims respectively depend. In addition, 
these claims set forth that the change in identification is 
achieved by changing the file identifiers or file names in
response to an unauthorized intrusion request. Applicants
have carefully considered the references and found that the
times that the Margolus reference changes identifiers or names
are when new versions of the files are created. Applicants 
have not found anything in either reference which changes a 
file name or identifier in response to any kind of 
unauthorized intrusion request. 

Claims 5, 12, 20, 27, 35, and 42 are more specifically 
patentable over the combination of Schneck and Margolus.

These dependent claims are submitted to be patentable over 
the combination of references for the reasons set forth 
above for the patentability of the independent claims from
which the present claims respectively depend. In addition, 
these claims set forth a new directory for tracking renamed 
files. It appears that Margolus does disclose listing of 
files in directories. This still does not change the basic 
patentability of the present claims in that the two 
references still do not teach changing a file name or 
identifier in response to any kind of unauthorized intrusion 
request. 

Claims 6, 7, 13, 14, 21, 22, 28, 29, 36, 37, 43 and 44 are
more specifically patentable over the combination of Schneck
and Margolus.

These dependent claims are submitted to be patentable over 
the combination of references for the reasons set forth 
above for the patentability of the independent claims from 
which the present claims respectively depend. In addition, 
these claims set forth assigning a covert name indicating a 
covert location in a new directory. For this teaching, the
Examiner points to disclosures in Margolus of encryption and
decryption. It is not necessary to argue whether this
encryption-decryption is equivalent to Applicants' covert
names. Applicants simply take the position that
irrespective of whether Margolus discloses renaming files
with covert names for any purpose, the combination of 
references simply fails to disclose changing a file name or 
identifier in response to any kind of unauthorized intrusion 
request. 

Conclusion



In view of the foregoing, it is submitted that Claims 
1-45 are unobvious over the combination of Schneck et al. 
(US5,933,498) in view of the Margolus Publication
(US2002/0038296), and, therefore, are patentable under 35
USC 103(a).

Therefore, it is respectfully requested that the Final 
Rejection of claims 1-45 dated February 10, 2005 be 
reversed, and that claims 1-45 be found to be in condition 
for allowance. 



Respectfully submitted, 



Herman Rodriguez 
IPLaw Dept. - I MAD 4054 
IBM Corporation 
11400 Burnet Road 
Austin, Texas 78758 




Registration No. 19,226 
(512) 473-2303 



PLEASE MAIL ALL CORRESPONDENCE TO: 

VIII. Claims Appendix

1. In a data processing operation having stored data in a
plurality of data files, a system for protecting said data
files from unauthorized users comprising:

means for receiving user requests for access to data
files;

means for determining whether said requests are
unauthorized intrusions into said requested data files; and

means, responsive to a determination that a request is
an unauthorized intrusion, for changing the identification
of the requested data files.

2. The data processing operation system of claim 1 wherein
said means for changing the identification of said requested
data files change the overt identification of the requested
files.

3. The data processing operation system of claim 2 wherein
said means for changing the overt identification of said
requested data files rename said files.

4. The data processing operation system of claim 3 wherein
said file renames do not indicate the contents of the
renamed files.

5. The data processing operation system of claim 4 further
including means for moving said renamed files into a new
directory.

6. The data processing operation system of claim 5 further
including means for assigning to each of the renamed files a 
covert name indicating a covert location in said new 
directory for each of said renamed files. 

7. The data processing operation system of claim 6 further 
including a log referencing each renamed file to the covert 
name of the respective file so as to indicate the covert 
location of said file in said new directory. 

8. In a communication network with access to a plurality of 
network sites each having stored data in a plurality of data 
files accessible in response to requests from users at other 
sites in the network, a system for protecting said network
site data files from unauthorized users comprising: 

means associated with a network site for 
receiving user requests for access to data files; 

means associated with said network site for determining 
whether said user requests are unauthorized intrusions into 
said requested data files; and

means associated with said network site responsive to a 
determination that a request is unauthorized for changing 
the identification of the requested data files. 

9. The communication network system of claim 8 wherein said 
means for changing the identification of said requested data 
files change the overt identification of the requested 
files. 

10. The communication network system of claim 9 wherein 
said means for changing the overt identification of said 
requested data files rename said files. 



11. The communication network system of claim 10 wherein
said file renames do not indicate the contents of the
renamed files.

12. The communication network system of claim 11 further
including means for moving said renamed files into a new
directory.

13. The communication network system of claim 12 further
including means for assigning to each of the renamed files a
covert name indicating a covert location in said new
directory for each of said renamed files.

14. The communication network system of claim 13 further
including a log referencing each renamed file to the covert
name of the respective file so as to indicate the covert
location of said file in said new directory.

15. The communication network system of claim 8 wherein
said network is the World Wide Web, and said network sites
are Web sites.

16. In a data processing operation having stored data in a
plurality of data files, a method for protecting said data 
files from unauthorized users comprising: 

receiving user requests for access to data files; 

determining whether said requests are unauthorized 
intrusions into said requested data files; and 

changing the identification of the requested data files
responsive to a determination that a request is 
unauthorized. 

17. The data processing method of claim 16 wherein said 
step of changing the identification of said requested data 
files changes the overt identification of the requested 
files. 

18. The data processing method of claim 17 wherein said 
step of changing the overt identification of said requested 
data files renames said files. 

19. The data processing method of claim 18 wherein said 
file renames do not indicate the contents of the renamed 
files. 

20. The data processing method of claim 19 further 
including the step of moving said renamed files into a new 
directory. 

21. The data processing method of claim 20 further 
including the step of assigning to each of the renamed files 
a covert name indicating a covert location in said new 
directory for each of said renamed files. 

22. The data processing method of claim 21 further
including the step of forming a log referencing each renamed
file to the covert name of the respective file so as to
indicate the covert location of said file in said new
directory.

23. In a communication network with access to a plurality 
of network sites each having stored data in a plurality of 
data files accessible in response to requests from users at 
other sites in the network, a method for protecting said 
network site data files from unauthorized users comprising: 

receiving user requests for access to data files at a 
network site; 

determining at said network site whether said user 
requests are unauthorized intrusions into said requested 
data files; and 

changing the identification of the requested data files 
responsive to a determination that a request is 
unauthorized. 

24. The communication network method of claim 23 wherein 
said step of changing the identification of said requested 
data files changes the overt identification of the requested 
files. 

25. The communication network method of claim 24 wherein 
said step of changing the overt identification of said 
requested data files renames said files.

26. The communication network method of claim 25 wherein 
said file renames do not indicate the contents of the 
renamed files. 

27. The communication network method of claim 26 further
including the step of moving said renamed files into a new
directory.

28. The communication network method of claim 27 further
including the step of assigning to each of the renamed files
a covert name indicating a covert location in said new
directory for each of said renamed files.

29. The communication network method of claim 28 further
including the step of forming a log referencing each renamed
file to the covert name of the respective file so as to
indicate the covert location of said file in said new
directory.

30. The communication network method of claim 23 wherein
said network is the World Wide Web, and said network sites
are Web sites.

31. A computer program having code recorded on a computer
readable medium for protecting data files from unauthorized
users in a data processing operation having stored data in a
plurality of data files, said program comprising:

means for receiving user requests for access to data
files;

means for determining whether said requests are
unauthorized intrusions into said requested data files; and

means responsive to a determination that a request is
unauthorized for changing the identification of the
requested data files.

32. The computer program of claim 31 wherein said means for
changing the identification of said requested data files
change the overt identification of the requested files.

33. The computer program of claim 32 wherein said means for
changing the overt identification of said requested data
files rename said files.

34. The computer program of claim 33 wherein said file
renames do not indicate the contents of the renamed files.

35. The computer program of claim 34 further including
means for moving said renamed files into a new directory.

36. The computer program of claim 35 further including
means for assigning to each of the renamed files a covert 
name indicating a covert location in said new directory for 
each of said renamed files. 

37. The computer program of claim 36 further including a 
log referencing each renamed file to the covert name of the 
respective file so as to indicate the covert location of 
said file in said new directory. 

38. A computer program having code recorded on a computer
readable medium for protecting data files from unauthorized
users in a communication network with access to a plurality
of network sites each having stored data in a plurality of
data files accessible in response to requests from users at
other sites in the network, said program comprising:

means associated with a network site for
receiving user requests for access to data files;

means at said network site for determining whether said
user requests are unauthorized intrusions into said
requested data files; and

means associated with said network site responsive to a
determination that a request is unauthorized for changing
the identification of the requested data files.

39. The computer program of claim 38 wherein said means for
changing the identification of said requested data files
change the overt identification of the requested files.

40. The computer program of claim 39 wherein said means for
changing the overt identification of said requested data
files rename said files.

41. The computer program of claim 40 wherein said file
renames do not indicate the contents of the renamed files.

42. The computer program of claim 41 further including
means for moving said renamed files into a new directory.

43. The computer program of claim 42 further including
means for assigning to each of the renamed files a covert
name indicating a covert location in said new directory for
each of said renamed files.

44. The computer program of claim 43 further including a
log referencing each renamed file to the covert name of the
respective file so as to indicate the covert location of
said file in said new directory.



45. The computer program of claim 38 wherein said network 
is the World Wide Web, and said network sites are Web sites.



IX. Evidence

There is no evidence presented.

X. Related Proceedings

None